Remote Code Execution Vulnerability in HuggingFace Transformers Library
CVE-2026-4372

7.8HIGH

Key Information:

Vendor: Huggingface
Status: Huggingface/transformers
Vendor: CVE Published:; 24 May 2026

🔔 Create Huggingface Vulnerability Alert

What is CVE-2026-4372?

A remote code execution flaw exists in the HuggingFace Transformers library, impacting all versions before 5.3.0. This vulnerability allows attackers to create a malicious config.json that directs the library to download a harmful repository. Upon execution via the AutoModelForCausalLM.from_pretrained() API, arbitrary Python code is run with the victim's OS privileges. The issue stems from poor deserialization practices, lack of proper field sanitization, and inadequate security measures, leading to exploitation via documented usage patterns, rendering it particularly dangerous. Users are strongly recommended to upgrade to version 5.3.0 or above to prevent exploitation.

Affected Version(s)

huggingface/transformers < 5.3.0

References

https://huntr.com/bounties/1f693a6e-6836-4b8b-a0bd-ca036f...

https://github.com/huggingface/transformers/commit/a7f8e7...

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2026
Vulnerability Reserved
Mar 18, 2026

CVE-2026-4372 Data

JSON